[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers-public] Stay in https after login?

From: Bob Proulx
Subject: [Savannah-hackers-public] Stay in https after login?
Date: Thu, 2 Jan 2014 14:53:16 -0700
User-agent: Mutt/1.5.21 (2010-09-15)

There is a checkbox on the login.php page.

  [x] Stay in secure (https) mode after login

The presented form may be accessed by either http or https.  It
defaults to checked which is good.  The form submit action is always
to an https URL which is also good.  But then regardless of the
setting of that checkbox the result is always https even if the
checkbox is not checked.  This is also good.

I think this question is now obsolete and should be removed.  I think
it became obsolete when the form POST action switched to https.
(Which was a very good thing.)  Since this code was written there has
been a big movement to make the web more secure.  I think this is just
a leftover from the old days.

I will investigate a little more but I plan on removing that checkbox.
I don't believe this will have any user visible effects.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]